{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38009","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.977Z","datePublished":"2025-06-18T09:28:20.068Z","dateUpdated":"2026-05-11T21:19:32.973Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:19:32.973Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: disable napi on driver removal\n\nA warning on driver removal started occurring after commit 9dd05df8403b\n(\"net: warn if NAPI instance wasn't shut down\"). Disable tx napi before\ndeleting it in mt76_dma_cleanup().\n\n WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100\n CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy)\n Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024\n RIP: 0010:__netif_napi_del_locked+0xf0/0x100\n Call Trace:\n <TASK>\n mt76_dma_cleanup+0x54/0x2f0 [mt76]\n mt7921_pci_remove+0xd5/0x190 [mt7921e]\n pci_device_remove+0x47/0xc0\n device_release_driver_internal+0x19e/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x2e/0xb0\n __do_sys_delete_module.isra.0+0x197/0x2e0\n do_syscall_64+0x7b/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTested with mt7921e but the same pattern can be actually applied to other\nmt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled\nin their *_dma_init() functions and only toggled off and on again inside\ntheir suspend/resume/reset paths. So it should be okay to disable tx\nnapi in such a generic way.\n\nFound by Linux Verification Center (linuxtesting.org)."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/mediatek/mt76/dma.c"],"versions":[{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"ff0f820fa5b99035b3c654dd531226d8d83aec5f","status":"affected","versionType":"git"},{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"ca5b213bf4b4224335a8131a26805d16503fca5f","status":"affected","versionType":"git"},{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"b892e830d1ea8c5475254b98827771f7366f1039","status":"affected","versionType":"git"},{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"5e700b06b970fc19e3a1ecb244e14785f3fbb8e3","status":"affected","versionType":"git"},{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8","status":"affected","versionType":"git"},{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"e7bfbda5fddd27f3158e723d641c0fcdfb0552a7","status":"affected","versionType":"git"},{"version":"2ac515a5d74f26963362d5da9589c67ca3663338","lessThan":"78ab4be549533432d97ea8989d2f00b508fa68d8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/mediatek/mt76/dma.c"],"versions":[{"version":"5.2","status":"affected"},{"version":"0","lessThan":"5.2","status":"unaffected","versionType":"semver"},{"version":"5.10.238","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.184","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.140","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.92","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.30","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.8","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.10.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.15.184"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.1.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.6.92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.12.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.14.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f"},{"url":"https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f"},{"url":"https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039"},{"url":"https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3"},{"url":"https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8"},{"url":"https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7"},{"url":"https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8"}],"title":"wifi: mt76: disable napi on driver removal","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:58:16.530Z"}}]}}